Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
References
Link | Resource |
---|---|
https://www.tenable.com/security/tns-2021-04-0 | Patch Vendor Advisory |
https://www.tenable.com/security/tns-2021-07 | Not Applicable Vendor Advisory |
Configurations
History
No history.
Information
Published : 2021-03-19 19:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-20077
Mitre link : CVE-2021-20077
CVE.ORG link : CVE-2021-20077
JSON object : View
Products Affected
tenable
- nessus_agent
CWE